Mobile IP Working Group H. Sjostrand
Internet Draft February 12, 2007
The Definitions of Managed Objects for
Mobile IP UDP Tunneling
draft-sjostrand-mip4-udptunnel-mib-01
Status of this Memo
By submitting this Internet-Draft, each author represents that
any applicable patent or other IPR claims of which he or she is
aware have been or will be disclosed, and any of which he or she
becomes aware will be disclosed, in accordance with Section 6 of
BCP 79.
This document may not be modified, and derivative works of it may not
be created, other than to extract section "Mobile IP UDP Tunnel MIP
definitions" as-is for separate use.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on July 12, 2007.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Sjostrand Expires July 12, 2006 [Page 1]
Internet-Draft Mobile IP UDP Tunneling MIB February 2007
Abstract
This memo defines the Management Information Base (MIB) for use with
network management protocols in TCP/IP-based internets. In
particular, it describes managed objects used for managing the Mobile
Node, Foreign Agent and Home Agent when Mobile IP Traversal of
Network Address Translation (NAT) Devices are used.
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC2119 [RFC2119].
Table of Contents
1. Introduction...................................................3
2. The Internet-Standard Management Framework.....................3
3. Structure of the MIB...........................................3
3.1. Structure of the Mobile IP UDP Tunneling..................3
3.2. MIB Groups................................................4
4. Mobile IP UDP Tunnel MIB Definitions...........................5
5. Security Considerations.......................................10
6. IANA Considerations...........................................11
APPENDIX A: Todo and open issues.................................12
A.1. OID placement............................................12
A.2. Default values...........................................12
7. References....................................................12
7.1. Normative References.....................................12
7.2. Informative References...................................13
Author's Address.................................................13
Intellectual Property Statement..................................13
Sjostrand Expires July 12, 2006 [Page 2]
Internet-Draft Mobile IP UDP Tunneling MIB February 2007
1. Introduction
Abstract
This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community.
In particular, it describes managed objects used for managing the
Mobile Node, Foreign Agent and Home Agent when Mobile IP Traversal of
Network Address Translation (NAT) Devices are used.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC2119 [RFC2119].
2. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
[RFC2580].
3. Structure of the MIB
This memo defines a portion of the Management Information Base (MIB)
for the use with network management protocols in the Internet
community. In particular, it describes managed objects for the
Mobile IP Traversal of Network Address Translation (NAT) Devices as
defined in [RFC3519].
3.1. Structure of the Mobile IP UDP Tunneling
The Mobile IP Traversal of Network Address Translation (NAT) Devices
specifisation [RFC3519] specifies a few managed entities. These are
the behaviour to force and accept udp tunneling, and the
configuration of the keep alive timers.
The Mobile IP Traversal of Network Address Translation (NAT) Devices
specifisation [RFC3519] also specifies a new error code for
Sjostrand Expires July 12, 2006 [Page 3]
Internet-Draft Mobile IP UDP Tunneling MIB February 2007
"Requested UDP tunnel encapsulation unavailable". Therefore a counter
object for this error code is also included in this mib module.
Further, it's good practice to include object to enable and disable
the MIP UDP tuning completely.
Configuration of MIP UDP tunneling has been deployed in various
vendore implementations for years. Field experience have shown that
it's indeed a good idea to always use UDP tunneling instead if the
original Mobile IP tunneling methods. Therefore, an object is added
in the HA to always force the use of UDP tunneling to all UDP
tunneling capable nodes, regardless of F-flag or outcome of NAT test.
3.2. MIB Groups
Objects in this MIB are arranged into groups. Each group is related
to the Mobile IP entities Mobile Node, Foreign Agent and Home Agent.
The Mobile IP entities Mobile Node, Foreign Agent and Home Agent are
described in [RFC3344].
Sjostrand Expires July 12, 2006 [Page 4]
Internet-Draft Mobile IP UDP Tunneling MIB February 2007
4. Mobile IP UDP Tunnel MIB Definitions
MIP-UDPTUNNEL-MIB DEFINITIONS ::= BEGIN
IMPORTS
Counter32, Unsigned32, MODULE-IDENTITY,
OBJECT-TYPE
FROM SNMPv2-SMI -- [RFC2578]
TruthValue
FROM SNMPv2-TC -- [RFC2579]
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF -- [RFC2580]
mipMIB
FROM MIP-MIB; -- [2006bis]
mipUdpTunnelMIB MODULE-IDENTITY
LAST-UPDATED "200702120000Z"
ORGANIZATION "IETF Mobile IP Working Group"
CONTACT-INFO
" Hans Sjostrand
ipUnplugged
hans@ipunplugged.com"
DESCRIPTION
"The MIB module for configuring and displaying Mobile
IP Traversal of Network Address Translation (NAT)
Devices information.
Copyright (C) IETF Trust (2007). This version
of this MIB module is part of RFC yyyy; see the RFC
itself for full legal notices."
REVISION "200702120000Z"
DESCRIPTION
"First version."
::= { mipMIB 4 }
mipUdpTunnelMIBObjects OBJECT IDENTIFIER ::= { mipUdpTunnelMIB 1 }
mnUdpTunnel OBJECT IDENTIFIER ::= { mipUdpTunnelMIBObjects 1 }
haUdpTunnel OBJECT IDENTIFIER ::= { mipUdpTunnelMIBObjects 2 }
faUdpTunnel OBJECT IDENTIFIER ::= { mipUdpTunnelMIBObjects 3 }
-- =================================================================
-- mnUdpTunnel Group
mnUdpTunnelEnable OBJECT-TYPE
SYNTAX TruthValue
Sjostrand Expires July 12, 2006 [Page 5]
Internet-Draft Mobile IP UDP Tunneling MIB February 2007
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This parameter enables and disables the RFC 3519 UDP
tunneling function in the MN completely."
DEFVAL { true }
::= { mnUdpTunnel 1 }
mnUdpTunnelForce OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This parameter enables (or disables) the MN to set
the F (force) flag. It indicates that the mobile
node wants to use traversal regardless of the
outcome of NAT detection performed by the home agent."
DEFVAL { false }
::= { mnUdpTunnel 2 }
mnUdpTunnelKeepaliveInterval OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Defines the default NAT keepalive interval that the
mobile node will use in the case that the HA does
not impose another value by setting the Keepalive
Interval in the UDP Tunnel Reply Extension."
DEFVAL { 110 }
::= { mnUdpTunnel 3 }
-- =================================================================
-- haUdpTunnel Group
haUdpTunnelEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This parameter enables and disables the RFC 3519 UDP
tunneling function in the HA completely."
DEFVAL { true }
::= { haUdpTunnel 1 }
Sjostrand Expires July 12, 2006 [Page 6]
Internet-Draft Mobile IP UDP Tunneling MIB February 2007
haUdpTunnelPermitMnForce OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This parameter enables (or disables) permission for
the Mobile Node to force UDP tunneling. NAT
traversal according to RFC3519 permits the MN (or
FA) to set a flag in the UDP tunneling request
extension which indicates that it wants tunneling
to be done even if the HA does not detect a NAT
between the MN (or FA) and itself. This parameter
controls whether the HA will honor this request or
not."
DEFVAL { true }
::= { haUdpTunnel 2 }
haUdpTunnelKeepaliveInterval OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This parameter sets the keepalive interval override.
Normally, the MN uses the keepalive time that was
configured using UDP tunneling and sending
keepalive messages. The HA can override this
configured keepalive time by setting a new
interval value for this parameter to a value other
than zero."
DEFVAL { 0 }
::= { haUdpTunnel 3 }
haUdpTunnelForce OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This parameter enables and disables the HA forcing all
connections from MNs which support RFC 3519 UDP
tunneling to use tunneling whether or not the
presence of a NAT is detected."
DEFVAL { false }
::= { haUdpTunnel 4 }
haUdpTunnelEncapUnavail OBJECT-TYPE
SYNTAX Counter32
Sjostrand Expires July 12, 2006 [Page 7]
Internet-Draft Mobile IP UDP Tunneling MIB February 2007
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of Registration Requests denied by the
home agent -- Requested UDP tunnel encapsulation
unavailable (code 142)."
::= { haUdpTunnel 5 }
-- =================================================================
-- faUdpTunnel Group
faUdpTunnelEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This parameter enables and disables the RFC 3519 UDP
tunneling function in the FA completely."
DEFVAL { true }
::= { faUdpTunnel 1 }
faUdpTunnelForce OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This parameter enables (or disables) the FA to set
the F (force) flag. It indicates that the foreign
agent wants to use traversal regardless of the
outcome of NAT detection performed by the home agent."
DEFVAL { false }
::= { faUdpTunnel 2 }
faUdpTunnelKeepaliveInterval OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Defines the default NAT keepalive interval that the
foreign agent will use in the case that the HA does
not impose another value by setting the Keepalive
Interval in the UDP Tunnel Reply Extension."
DEFVAL { 110 }
::= { faUdpTunnel 3 }
-- =================================================================
Sjostrand Expires July 12, 2006 [Page 8]
Internet-Draft Mobile IP UDP Tunneling MIB February 2007
-- MIP Conformance Statements
mipUdpTunnelConformance
OBJECT IDENTIFIER ::= { mipUdpTunnelMIB 2 }
mipUdpTunnelGroups
OBJECT IDENTIFIER ::= { mipUdpTunnelConformance 1 }
mipUdpTunnelCompliances
OBJECT IDENTIFIER ::= { mipUdpTunnelConformance 2 }
--
-- compliance statements
--
mipUdpTunnelCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMPv2 entities which
implement the Mobile IP UDP Tunnel MIB."
MODULE
GROUP mnUdpTunnelGroup
DESCRIPTION
"This group is mandatory for a mobile node."
GROUP haUdpTunnelGroup
DESCRIPTION
"This group is mandatory for a home agent."
GROUP faUdpTunnelGroup
DESCRIPTION
"This group is mandatory for a foreign agent."
::= { mipUdpTunnelCompliances 1 }
--
-- Units of conformance
--
mnUdpTunnelGroup OBJECT-GROUP
OBJECTS { mnUdpTunnelEnable, mnUdpTunnelForce,
mnUdpTunnelKeepaliveInterval }
STATUS current
DESCRIPTION
"A collection of objects providing management
Sjostrand Expires July 12, 2006 [Page 9]
Internet-Draft Mobile IP UDP Tunneling MIB February 2007
information for theuse of UDP tunneling according to
RFC3519 within a mobile node."
::= { mipUdpTunnelGroups 1 }
haUdpTunnelGroup OBJECT-GROUP
OBJECTS { haUdpTunnelEnable, haUdpTunnelForce,
haUdpTunnelPermitMnForce,
haUdpTunnelKeepaliveInterval,
haUdpTunnelEncapUnavail }
STATUS current
DESCRIPTION
"A collection of objects providing management
information for theuse of UDP tunneling according to
RFC3519 within a home agent."
::= { mipUdpTunnelGroups 2 }
faUdpTunnelGroup OBJECT-GROUP
OBJECTS { faUdpTunnelEnable, faUdpTunnelForce,
faUdpTunnelKeepaliveInterval }
STATUS current
DESCRIPTION
"A collection of objects providing management
information for theuse of UDP tunneling according to
RFC3519 within a foreign agent."
::= { mipUdpTunnelGroups 3 }
END
5. Security Considerations
Assuming that secure network management (such as SNMP v3) is
implemented, the objects represented in this MIB do not pose a threat
to the security of the network.
There are a number of management objects defined in this MIB that
have a MAX-ACCESS clause of read-write. Such objects may be
considered sensitive or vulnerable in some network environments. The
support for SET operations in a non-secure environment without proper
protection can have a negative effect on network operations.
Not all versions of SNMP provide features for such a secure
environment. SNMPv1 by itself is not a secure environment. Even if
the network itself is secure (for example by using IPSec), even then,
there is no control as to who on the secure network is allowed to
access and GET/SET (read/change/create/delete) the objects in this
MIB.
Sjostrand Expires July 12, 2006 [Page 10]
Internet-Draft Mobile IP UDP Tunneling MIB February 2007
It is recommended that the implementers consider the security
features as provided by the SNMPv3 framework. Specifically, the use
of the User-based Security Model RFC 2574 [RFC2574] and the View-
based Access Control Model RFC 2575 [RFC2575] is recommended.
It is then a customer/user responsibility to ensure that the SNMP
entity giving access to an instance of this MIB, is properly
configured to give access to the objects only to those principals
(users) that have legitimate rights to indeed GET or SET
(change/create/delete) them.
6. IANA Considerations
This section is to be done. It's stiul unclear wheither there should
be a new OID assigned from mib-2 space, or an OID under the mipMIB
OID should be used.
Sjostrand Expires July 12, 2006 [Page 11]
Internet-Draft Mobile IP UDP Tunneling MIB February 2007
APPENDIX A: Todo and open issues
A.1. OID placement
Since this is the first mib extending teh Mobile IP mib it's a bit
unclear how this mib should be placed in the OID structure. Most
probably there will be an OID assigned under mipMIB after IANA has
taken control over that OID space. Alternatively there could be a new
OID assigned by IANA under mib-2. For the sake of simplicity the
first approach is used in this version of the mib.
A.2. Default values
In this first version of the mib default values have been defined for
all objects. This is good practice, however it's still an open issue
which values these default values should have. Except in the case
with keepalive timers, these values are not mandated from RFC3519,
but are just some assumtion of a useful configuration of the Mobile
IP UDP tunnelling function.
However, it differs from the default values used in both the
propriatory Cisco and ipUnplugged implementations so it would be
usedful with some input on the applicability.
7. References
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2574] Blumenthal U., "User-based Security Model (USM) for version
3 of the Simple Network Management Protocol (SNMPv3)", RFC
2574, April 1999.
[RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
Access Control Model (VACM) for the Simple Network
Management Protocol (SNMP)", RFC 2575, April 1999
[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Structure of Management
Information Version 2 (SMIv2)", STD 58, RFC 2578, April
1999.
[RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Textual Conventions for
SMIv2", STD 58, RFC 2579, April 1999.
Sjostrand Expires July 12, 2006 [Page 12]
Internet-Draft Mobile IP UDP Tunneling MIB February 2007
[RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Conformance Statements for
SMIv2", STD 58, RFC 2580, April 1999.
[RFC3344] Perkins, C., "IP Mobility Support for IPv4", RFC 3344,
August 2002.
[RFC3519] H. Levkowetz and S. Vaarala, "Mobile IP Traversal of
Network Address Translation (NAT) Devices", April 2003
[2006bis] The Definitions of Managed Objects for IP Mobility Support
using SMIv2, revised, Work in progress
7.2. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart,
"Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002.
Author's Address
Hans Sjostrand
ipUnplugged
Arenavagen 21
121 29 Stockholm
Sweden
Phone: +46 8 725 5900
Email: hans@ipunplugged.com
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
Sjostrand Expires July 12, 2006 [Page 13]
Internet-Draft Mobile IP UDP Tunneling MIB February 2007
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Full Copyright Statement
Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgment
Funding for the RFC Editor function is currently provided by the IETF
Administrative Support Activity (IASA).
Sjostrand Expires July 12, 2006 [Page 14]